Applying default permissions for newly created files within a specific folder

User Name

Remember Me?

Password

Linux - DesktopThis forum is for the discussion of all Linux Software used in a desktop context.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

Applying default permissions for newly created files within a specific folder

I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way.

Here is my objective:

I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .

To achieve this, we will use two tools:1) GID2) ACL (man acl)

GID
Lets assume the /music directory has the following permissions:

Code:

drwxrwxr-x root media

By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:

Code:

-rw-r--r-- 1 matty users 0 2007-12-06 22:46 newfile

If we set the GID of /music :

Code:

chmod g+s /music

Now, newly created files in /music will have the following ownership:

Code:

-rw-r--r-- 1 matty media 0 2007-12-06 22:46 newfile

We are one step closer but what we actually want is:

Code:

-rw-rw-r-- 1 matty media 0 2007-12-06 22:46 newfile

so that other users in the group media will be able to modify/delete the file.

ACL

ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.

We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at you leisure.

Now, when we create a new file in /music :

Code:

touch newfile
ls -l newfile

Gives us:

Code:

-rw-rw-r--+ 1 matty media 0 2007-12-06 22:46 newfile

The plus sign is to indicate ACL attributes are in effect on the file.

Newly created folders in /music should have:

Code:

drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/

Applying this idea to an already existing messy /music folder with subdirectories.

Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes. Before using chmod and chown with -R as root, think carefully...

Set GID as described above:

Code:

chown -R :media /music
chmod 775 music
chmod g+s /music

ls -ld music should give us

Code:

drwxrwsr-x 3 matty media

*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???

We can apply acl recursively:

Code:

setfacl -R -d -m g::rwx -m o::rx /music

This creates the default rules for newly created files/dirs within the /music directory and subdirectories.

If the original files in there were created with a "standard" umask, most of them will have permissions similar to:

Code:

-rw-r--r--
drwx-r-xr-x

Assuming this is the case, we can fix this with

Code:

chmod -R g+w /music

That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.

I am using Ubuntu 7.10 and applied this to ext3. Life will be a lot easier if we can get 90% to use one or two distributions . Critical mass! Now even a computer-noob friend of mine is using Ubuntu on his laptop. Whenever he's in trouble, I need to spell out the commands for him, but still .

I didn't even get umask to work, I think mount gave me unsupported option errors. I also tried to have 'cp' preserve file permissions based on acl, like when creating files, but that didn't work, so I had to manually chmod all the files. I still have to manually chmod all the directories to have g+x. But the action seems to have been in vain, because I can't get Windows to recognize UTF8 encoding on the ext3 volume, so there goes interoperability. Of course, there wouldn't have been acl in windows, but the right amount of scripting should automate the revival when in linux. I think the ext2ifs driver doesn't map UTF8 encoding to whatever evil single-byte scheme WinXP uses internally, and back.

First of all, I just must say that I created an account here just for this thread. Great tips .

Anyway I have a further questions which you might be able to help with:

Say that I want to copy an already created file into this directory, and I would like the copied file to gain the same permissions. Anyone has an idea of this (from my limited testing, it seems that files copied into the directory actually keep their old permissions)?

First of all, I just must say that I created an account here just for this thread. Great tips .

Anyway I have a further questions which you might be able to help with:

Say that I want to copy an already created file into this directory, and I would like the copied file to gain the same permissions. Anyone has an idea of this (from my limited testing, it seems that files copied into the directory actually keep their old permissions)?

Cheers,

Henrik

Hi Henrik. Thanks.

I haven't found a way to do this either... yet. One workaround would be to use the "find" command to apply the proper permissions to all files and folders within the target directory.

775 for directories
664 for files
and then chmod g+s on the directories.

But ya, it would be better to find a way to do this when the file is being moved.

'Home', which is world readable.
Inside Home I have
Desktop
Documents
Library
Movies
Music
Pictures
Public
/Dropbox
Sites

All the folders inside 'Home' are locked to anyone except me, other than 'Public' which is read/write for anyone and 'Dropbox which is 'write only' for anyone.

'Sites' is the Apache folder.

This setup seems sensible to me. It's secure and private.

Ubuntu sets things up so that everything in the 'Home' folder is world-readable. This to me is not so clever.

Be that as it may. I _really_ don't want to argue the point but I'm desperate to find a way so that any new user I create on the box gets an OSX-like permissions setup.

Can you help me? I'm a bit of a Ubuntu evangelist and don't want a prospective Windows convert to think I'm nuts for recommending an OS which has such odd defaults.

Is there a way? I'm guessing it's a variation on your setup above but I'm not sufficiently well versed in the technicalities.

Any help appreciated :-)

(As an aside... Do all Linux Distros have these (what I would call...) odd default permissions?)

Slow.

Hi S.Lowhand,
To set the permissions you want, I believe you can use chmod 700 on all the directories in your home folder that you don't want anyone else to access:

Code:

chmod 700 /home/user/my-directory

If there are no folders you wish to share in your home folder, you could even set your home directory that way.

Code:

chmod 700 /home/user

This may have some minor consequences though. For example, your login manager might not be able to read your .face icon (or whatever it's called) and you won't get your pretty login picture next to user name on the login screen. That's a problem I've had in the past anyways.

Cheers!

EDIT: I may have misunderstood your question. If you want all this to happen by default when you create a new user, then you would probably want to modify the adduser script, which is probably located in /usr/sbin/

(As an aside... Do all Linux Distros have these (what I would call...) odd default permissions?)
Slow.

I'm not sure if this a Ubuntu quirk. I think the defaults perms for the home folders in Slackware is 711 which means users can enter the home dir but not ls or see any of the files in there. But of course, if someone knows the name of a file in there, and if the file was created with read perms for all (which is the default umask in most cases) then they could read that file. I honestly don't know why or the historical reasons behind why things are this way.